Skip to content

pbiernacki/mac_nonet

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
mac_nonet.c
mac_nonet.c
 
 

Repository files navigation

mac_nonet

Disable access to networking for certain group

To test, clone the repo and run make && make load in the module directory. The load action require root permissions.

Set gid that shouldn't access the network: sysctl security.mac.nonet.gid=31337 and enable enforcing: sysctl security.mac.nonet.enabled=1. Any call to socket(2) from user in this group will end with EPERM.

You can also select group that can access only AF_UNIX sockets with security.mac.nonet.local_gid.

About

Disable access to networking for certain group

Resources

Readme

License

BSD-2-Clause license
Activity

Stars

4 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages